Hey, I recently came across a very very small 8gb USB flash drive on newegg, a bit bigger than the tip of your pinky and I was trying to think about uses for it. The security-minded side of my head came out and wondered about using it to automatically install a keylogger or some other proof of concept program like calc.exe or notepad.exe

I did some googling about Autorun.inf and apparently the "open" option in Autorun.inf files is disabled for removable storage like usb flash drives and only really works with DVD's and CD's. Granted I'll probably never use this for any kind of malicious intentions its turned into a challenge to just see if I can find out how to do it.

So my question is.. is such a thing possible? I heard about incidents where a program on a usb drive was renamed to picture.jpg.exe so the user opens it and the program runs but I was hoping for no more interaction than simply plugging it in and letting it run on its own.

If your looking to do some form of autorun feature for a USB attack, then you need to look to a U3 device, as this has a partition that acts like a CD, and you can use it to autorun apps in a stealthy fashion (assuming the system is configured for autorun).

With non U3 devices social engineering techniques would be required to make someone execute the command your looking to use. There may be other batch techniques etc.

From personal experiance, most of the hack type things regarding USB are commonly detected by AV and Spyware detectors etc, so the results are not always that rewarding.